Mercurial Mercurial > evirc / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
src/ssl.c
author Tero Marttila <terom@fixme.fi>
Wed, 27 May 2009 23:57:48 +0300
branchnew-lib-errors
changeset 217 7728d6ec3abf
parent 181 b12a6081fc85
permissions -rw-r--r--
nexus.c compiles 
#include "ssl_internal.h"

#include <assert.h>

/*
 * Global shared anonymous client credentials
 */
struct ssl_client_cred ssl_client_cred_anon = { .x509 = NULL, .verify = false, .refcount = 0 };


// XXX: GnuTLS log func
void _log (int level, const char *msg)
{
    printf("gnutls: %d: %s", level, msg);
}

err_t ssl_global_init (error_t *err)
{
    // global init
    if ((ERROR_EXTRA(err) = gnutls_global_init()) < 0)
        return SET_ERROR(err, ERR_GNUTLS_GLOBAL_INIT);

    // initialize the anon client credentials
    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&ssl_client_cred_anon.x509)) < 0)
        return SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);

    // XXX: debug
//    gnutls_global_set_log_function(&_log);
//    gnutls_global_set_log_level(11);

    // done
    return SUCCESS;
}

static void ssl_client_cred_destroy (struct ssl_client_cred *cred)
{
    // simple
    gnutls_certificate_free_credentials(cred->x509);

    free(cred);
}

err_t ssl_client_cred_create (struct ssl_client_cred **ctx_cred,
        const char *cafile_path, bool verify,
        const char *cert_path, const char *pkey_path,
        error_t *err
) {
    struct ssl_client_cred *cred;

    // alloc it
    if ((cred = calloc(1, sizeof(*cred))) == NULL)
        return SET_ERROR(err, ERR_CALLOC);

    // create the cert
    if ((ERROR_EXTRA(err) = gnutls_certificate_allocate_credentials(&cred->x509)) < 0)
        JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_ALLOC_CRED);
    
    // load the trusted ca certs?
    if (cafile_path) {
        // load them
        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_trust_file(cred->x509, cafile_path, GNUTLS_X509_FMT_PEM)) < 0)
            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_TRUST_FILE);

    }

    // set the verify flags?
    cred->verify = verify;
    gnutls_certificate_set_verify_flags(cred->x509, 0);

    // load the client cert?
    if (cert_path || pkey_path) {
        // need both...
        assert(cert_path && pkey_path);

        // load
        if ((ERROR_EXTRA(err) = gnutls_certificate_set_x509_key_file(cred->x509, cert_path, pkey_path, GNUTLS_X509_FMT_PEM)))
            JUMP_SET_ERROR(err, ERR_GNUTLS_CERT_SET_X509_KEY_FILE);
    }

    // ok
    cred->refcount = 1;
    *ctx_cred = cred;

    return SUCCESS;

error:
    // release
    ssl_client_cred_destroy(cred);

    return ERROR_CODE(err);
}

void ssl_client_cred_get (struct ssl_client_cred *cred)
{
    cred->refcount++;
}

void ssl_client_cred_put (struct ssl_client_cred *cred)
{
    if (--cred->refcount == 0)
        ssl_client_cred_destroy(cred);
}
evirc